Index: res_agi.c
===================================================================
--- res_agi.c	(revision 54463)
+++ res_agi.c	(working copy)
@@ -1941,6 +1941,34 @@
 	return RESULT_SUCCESS;
 }
 
+static void write_html_escaped(FILE *htmlfile, char *str)
+{
+	char *cur = str;
+
+	while(*cur) {
+		switch (*cur) {
+		case '<':
+			fprintf(htmlfile, "%s", "&lt;");
+			break;
+		case '>':
+			fprintf(htmlfile, "%s", "&gt;");
+			break;
+		case '&':
+			fprintf(htmlfile, "%s", "&amp;");
+			break;
+		case '"':
+			fprintf(htmlfile, "%s", "&quot;");
+			break;
+		default:
+			fprintf(htmlfile, "%c", *cur);
+			break;
+		}
+		cur++;
+	}
+
+	return;
+}
+
 static int handle_agidumphtml(int fd, int argc, char *argv[])
 {
 	struct agi_command *e;
@@ -1974,16 +2002,20 @@
 		ast_join(fullcmd, sizeof(fullcmd), e->cmda);
 
 		fprintf(htmlfile, "<TR><TD><TABLE BORDER=\"1\" CELLPADDING=\"5\" WIDTH=\"100%%\">\n");
-		fprintf(htmlfile, "<TR><TH ALIGN=\"CENTER\"><B>%s - %s</B></TD></TR>\n", fullcmd,e->summary);
+		fprintf(htmlfile, "<TR><TH ALIGN=\"CENTER\"><B>%s - %s</B></TH></TR>\n", fullcmd,e->summary);
 
 		stringp=e->usage;
 		tempstr = strsep(&stringp, "\n");
 
-		fprintf(htmlfile, "<TR><TD ALIGN=\"CENTER\">%s</TD></TR>\n", tempstr);
-		
+		fprintf(htmlfile, "<TR><TD ALIGN=\"CENTER\">");
+		write_html_escaped(htmlfile, tempstr);
+		fprintf(htmlfile, "</TD></TR>\n");
+
 		fprintf(htmlfile, "<TR><TD ALIGN=\"CENTER\">\n");
-		while ((tempstr = strsep(&stringp, "\n")) != NULL)
-			fprintf(htmlfile, "%s<BR>\n",tempstr);
+		while ((tempstr = strsep(&stringp, "\n")) != NULL) {
+			write_html_escaped(htmlfile, tempstr);
+			fprintf(htmlfile, "<BR>\n");
+		}
 		fprintf(htmlfile, "</TD></TR>\n");
 		fprintf(htmlfile, "</TABLE></TD></TR>\n\n");